I am trying to understand this instruction:
0x80496fa <yellow_preflight+18>: mov eax,ds:0x804c220
and these are the register values at runtime:
EAX: 0x000000D2 EBX: 0xB7FB6FF4 ECX: 0xBFFFF438 EDX: 0xBFFFF3A4 o d I t S z A P c
ESI: 0x00000000 EDI: 0x00000000 EBP: 0xBFFFF468 ESP: 0xBFFFF450 EIP: 0x080496FF
CS: 0073 DS: 007B ES: 007B FS: 0000 GS: 0033 SS: 007B
So, to my understanding, if this were just a regular mov instruction without the 'ds:' prefix in the source address, then eax should hold the value '0x0804c220'. But when I step further in the execution, the value of eax becomes
EAX: 0xB7FB7440
instead of the expected value. So I am trying to find an explanation for this behavior. Thanks in advance.
The ds: is a so-called segment override prefix.
For example, let's say you write down this in your source code (NASM syntax):
mov eax, [0x804c220]
You did not use a segment prefix, but the assembler will use the default segment for this kind of memory access, the ds (data segment). It will transform your code to this on its own:
mov eax, [ds:0x804c220]
That is why using the ds: prefix in the source code would make no difference in your example. But when you use a different segment override prefix, it will make a difference. For example, in this case the assembler will use the fs instead of the default ds segment:
mov eax, [fs:0x804c220]
ds:0x804c220 is an address; the instruction is moving the value at that address into eax.
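The difference the answers describe, between loading the dword stored at ds:0x804c220 and loading the constant 0x804c220, shows up in the instruction encoding. The following is an added example, not part of the original question or answers: a minimal C decoder for the two 32-bit forms A1 (mov eax, moffs32) and B8 (mov eax, imm32) with an optional segment-override prefix byte. The byte strings are constructed, since the page shows only the disassembly, and decode_mov_eax is a hypothetical helper name.

```c
#include <stdint.h>
#include <stdio.h>

/* What one decoded instruction does to EAX. */
struct decoded {
    const char *seg;   /* segment used for the memory access, NULL if none */
    int is_load;       /* 1: EAX <- dword at seg:operand, 0: EAX <- operand */
    uint32_t operand;  /* 32-bit address (A1) or immediate (B8) */
    int length;        /* instruction length in bytes, 0 if not handled */
};

/* Map a segment-override prefix byte to the segment register it selects. */
static const char *seg_prefix(uint8_t b) {
    switch (b) {
    case 0x26: return "es"; case 0x2E: return "cs";
    case 0x36: return "ss"; case 0x3E: return "ds";
    case 0x64: return "fs"; case 0x65: return "gs";
    default:   return NULL;
    }
}

/* Decode [prefix] A1 addr32 or [prefix] B8 imm32 (32-bit mode only). */
struct decoded decode_mov_eax(const uint8_t *p, size_t n) {
    struct decoded d = {NULL, 0, 0, 0};
    const char *ovr = n ? seg_prefix(p[0]) : NULL;
    size_t i = ovr ? 1 : 0;
    if (n < i + 5 || (p[i] != 0xA1 && p[i] != 0xB8)) return d;
    d.is_load = (p[i] == 0xA1);
    d.operand = (uint32_t)p[i + 1] | ((uint32_t)p[i + 2] << 8) |
                ((uint32_t)p[i + 3] << 16) | ((uint32_t)p[i + 4] << 24);
    if (d.is_load) d.seg = ovr ? ovr : "ds";  /* no prefix byte: default is ds */
    d.length = (int)(i + 5);
    return d;
}

int main(void) {
    /* Constructed encodings (not taken from the page). */
    const uint8_t samples[3][6] = {
        {0xA1, 0x20, 0xC2, 0x04, 0x08},        /* mov eax, ds:0x804c220 */
        {0x64, 0xA1, 0x20, 0xC2, 0x04, 0x08},  /* mov eax, fs:0x804c220 */
        {0xB8, 0x20, 0xC2, 0x04, 0x08},        /* mov eax, 0x804c220    */
    };
    for (int k = 0; k < 3; k++) {
        struct decoded d = decode_mov_eax(samples[k], 6);
        if (d.is_load) printf("%d bytes: eax = dword at %s:0x%x\n", d.length, d.seg, (unsigned)d.operand);
        else printf("%d bytes: eax = constant 0x%x\n", d.length, (unsigned)d.operand);
    }
    return 0;
}
```

The first sample decodes to 5 bytes, which is consistent with EIP advancing from 0x80496fa to 0x080496FF in the question's register dump.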
User contributions licensed under CC BY-SA 3.0